managed-settings.json: deny Read(**) does not block reads outside allowed paths
Bug Report
### Environment
- Claude Code CLI
- managed-settings.json in /etc/claude-code/
- Linux (Ubuntu)
### Configuration
``json``
{
"permissions": {
"allow": [
"Read(~/myfiles/**)",
"Edit(~/myfiles/**)",
"Write(~/myfiles/**)",
"Read(~/.claude/**)",
"Edit(~/.claude/**)",
"Write(~/.claude/**)",
"Bash(git *)",
"Bash(npm *)",
"Bash(mvn *)"
],
"deny": [
"Read(**)",
"Edit(**)",
"Write(**)",
"Bash"
]
},
"allowManagedPermissionRulesOnly": true
}
Bug: deny Read(**) does not block reads outside allowed paths
Expected: Reading files outside the allowed paths (e.g. /etc/xattr.conf) should be denied by the Read(**) deny rule.
Actual: Arbitrary files can be read freely. For example, /etc/xattr.conf and /etc/claude-code/managed-settings.json were both readable despite no allow rule covering /etc/.
Impact
The deny rule Read(**) is ineffective — files that should be denied are allowed. This undermines the security posture of managed-settings.json, since an administrator cannot restrict reads to only the allowed paths.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗